5 Steps Retailers Should Take to Handle a Cyberattack

Once an organization has identified the nature, extent and severity of the attack, the incident response team is faced with two options: contain it or remove it. Containing and stopping the attack involves quarantining the compromised hosts or systems or disabling some functions, removing user access to the system, and determining and blocking the access point. More advanced malware and threats, which can alter techniques depending on your reaction, might require moving right to the removal phase without tipping off the attacker that you're on to them.